So, I’ve been using keepassxc for some time now, but I wanted a viable alternative for command line usage (there is keepassxc-cli, that I use, but it is really a pain in the ass). So, I searched and found pass and gopass.

However, I’ve seen that they store each entry in a gpg encrypted file, inside a plain directory hierarchy. And, don’t get me wrong, I believe that there are use cases for this, but if someone got their hands in your password_store, they would know every single login that you have (the only information that is protected is the password, or whatever is in the gpg file).

So, my question is, there is a password manager, cli based, that encrypts the whole database, and not the single entries?

Update: there is a pass extension made specifically to address this issue

  • Xanza@lemm.eeEnglish
    2·
    1 month ago

    In the other hand, if someone got your password store, and you used this hierarchy structure, they could try to attack directly the logins

    The .pass file is encrypted just like the kbdx database and is also protected by a password. Apples to apples its the same amount of security.